Worm Spreads Among Facebook Users by Using Google Sites

According to reports, a malware that emerged on Facebook.com in late July 2008 has resurfaced, this time taking help of Google's Websites to bypass security filters.

Soon after discovering the malware, Fortinet, the security vendor, notified both Facebook and Google about the new attack. The company is aware that Facebook has asked Google to shut down the redirects in order to keep the Website safe from the worm.

The security specialists at Fortinet said that the new attack involves a message sent to the Facebook users' friends, asking them to follow a link pointing to a video clip posted on either the Picasa photo-sharing Website or to Reader RSS, both belong to Google.

However, when victims attempt to download the video, an error note pops up that directs the user to download a fresh version of "Video ActiveX Object" to view the movie. But this download actually is the worm dubbed W32/Zlob.NKX!tr.dldr (Trojan-Downloader.Zlob.Media-Codec), which when downloaded and planted, repeats the corrupt cycle.

The revelation is of the latest high-profile attack designed around predominant and reputable sites. Hackers using Google's Picasa and Reader sites is an attempt to increase the chances of the worm to spread.

Senior Manager of Fortinet's Security Research Unit, Guillaume Lovet, said that Google is a reliable brand, so there are more chances that users download the video, as reported by InternetNews on October 29, 2008.

Security investigators further added that given the sophistication of the attack, Facebook might find it difficult to overcome it soon. Also, given that so many users are accessing Facebook.com, the worm could spread widely.

Meantime, Barry Schnitt, a Facebook Spokesperson, said that senior managers reportedly accepted Lovet's opinion that Facebook would not disconnect itself from Google on account of the fresh round of attacks, as reported by InterentNews on October 29, 2008.

However, according to many security specialists, it might be hard to tackle the fresh set of attacks as cyber-criminals keep sending new links to people, and also because they are experts in hiding the malware, especially by using trusted Websites like Google Reader.

Related article: Worm Spreads With Random Subject Lines

» SPAMfighter News - 11/13/2008